stomping forwarders

[Kevin Darcy]

Cricket Liu wrote:

> > i would love to give bind a list of IPs for which recursive requests
> > will not be honored, but rather have nxdomain returned.  or the inverse,
> > a set of ip ranges for which recursion will be honored and the rest are
> > given the nasties.
> >
> > clues?
>
> How about 8.2.2's allow-recursion substatement?

My observation has been that allow-recursion doesn't actually reject
recursive queries from the excluded sources or automatically return NXDOMAIN;
they just get treated like iterative queries, receiving an answer from
authoritative data or cache, otherwise a referral. One thing named does do to
signal the client not to send any more recursive queries is to clear the
RA (recursion available) bit in the answer. But I don't think any clients pay
attention to that bit anyway...


- Kevin